Recently, the US FBI has issued a warning about business email compromise (BEC) attacks by cybercriminals, who are trying to steal physical goods. BEC is when cybercriminals spoof business email accounts and impersonate executives to try and steal information, money, or products from an organization.
In this recent BEC scam, cybercriminals start this attack by sending you phishing emails spoofing the domains of legitimate organizations, pretending to be employees of the organization. In these emails, cybercriminals will ask to buy your business’ products, trying to trick you into thinking they’re making a legitimate business purchase order. If you agree to the order, the cybercriminals will send you fake credit payment information. These payments look legitimate and are only known as fraudulent after the products have already been shipped. These scams can be hard to spot. So, it’s important to learn how to keep yourself and your organization safe.
Follow the tips below to stay safe from similar scams:
- To verify the legitimacy of an order request, reach out to the person who allegedly sent the email by phone or in person.
- Even if the sender’s email address is from a trusted domain, the email could be fake. Cybercriminals can gain access to trusted domains to make their scams more believable.
When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
Stop, Look, and Think. Don’t be fooled.
Protect your network! Learn more about security awareness training for your team.